miracle091/dnscrypt-proxy
miracle091
/
dnscrypt-proxy
mirror of https://github.com/DNSCrypt/dnscrypt-proxy.git
1
0
Fork 0
Code Issues Releases Wiki Activity

Use dlog for everything

This commit is contained in:
Frank Denis 2018-01-11 11:50:54 +01:00
parent 735213f45a
commit 9a3cd91cd7
5 changed files with 30 additions and 28 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
dnscrypt-proxy/certs.go
View File

@ -7,7 +7,7 @@ import (
"strings" "strings"
"time" "time"
"github.com/golang/glog" "github.com/jedisct1/dlog"
"github.com/jedisct1/xsecretbox" "github.com/jedisct1/xsecretbox"
"github.com/miekg/dns" "github.com/miekg/dns"
"golang.org/x/crypto/ed25519" "golang.org/x/crypto/ed25519"
@ -41,15 +41,15 @@ func FetchCurrentCert(proxy *Proxy, proto string, pk ed25519.PublicKey, serverAd
for _, answerRr := range in.Answer { for _, answerRr := range in.Answer {
binCert, err := packTxtString(strings.Join(answerRr.(*dns.TXT).Txt, "")) binCert, err := packTxtString(strings.Join(answerRr.(*dns.TXT).Txt, ""))
if err != nil { if err != nil {
glog.Warningf("[%v] Unable to unpack the certificate", providerName) dlog.Warnf("[%v] Unable to unpack the certificate", providerName)
continue continue
} }
if len(binCert) < 124 { if len(binCert) < 124 {
glog.Warningf("[%v] Certificate too short", providerName) dlog.Warnf("[%v] Certificate too short", providerName)
continue continue
} }
if !bytes.Equal(binCert[:4], CertMagic[:4]) { if !bytes.Equal(binCert[:4], CertMagic[:4]) {
glog.Warningf("[%v] Invalid cert magic", providerName) dlog.Warnf("[%v] Invalid cert magic", providerName)
continue continue
} }
cryptoConstruction := CryptoConstruction(0) cryptoConstruction := CryptoConstruction(0)
@ -59,36 +59,36 @@ func FetchCurrentCert(proxy *Proxy, proto string, pk ed25519.PublicKey, serverAd
case 0x0002: case 0x0002:
cryptoConstruction = XChacha20Poly1305 cryptoConstruction = XChacha20Poly1305
default: default:
glog.Infof("[%v] Unsupported crypto construction", providerName) dlog.Infof("[%v] Unsupported crypto construction", providerName)
continue continue
} }
signature := binCert[8:72] signature := binCert[8:72]
signed := binCert[72:] signed := binCert[72:]
if !ed25519.Verify(pk, signed, signature) { if !ed25519.Verify(pk, signed, signature) {
glog.Warningf("[%v] Incorrect signature", providerName) dlog.Warnf("[%v] Incorrect signature", providerName)
continue continue
} }
serial := binary.BigEndian.Uint32(binCert[112:116]) serial := binary.BigEndian.Uint32(binCert[112:116])
tsBegin := binary.BigEndian.Uint32(binCert[116:120]) tsBegin := binary.BigEndian.Uint32(binCert[116:120])
tsEnd := binary.BigEndian.Uint32(binCert[120:124]) tsEnd := binary.BigEndian.Uint32(binCert[120:124])
if now > tsEnd || now < tsBegin { if now > tsEnd || now < tsBegin {
glog.Infof("[%v] Certificate not valid at the current date", providerName) dlog.Infof("[%v] Certificate not valid at the current date", providerName)
continue continue
} }
if serial < highestSerial { if serial < highestSerial {
glog.Infof("[%v] Superseded by a previous certificate", providerName) dlog.Infof("[%v] Superseded by a previous certificate", providerName)
continue continue
} }
if serial == highestSerial { if serial == highestSerial {
if cryptoConstruction < certInfo.CryptoConstruction { if cryptoConstruction < certInfo.CryptoConstruction {
glog.Infof("[%v] Keeping the previous, preferred crypto construction", providerName) dlog.Infof("[%v] Keeping the previous, preferred crypto construction", providerName)
continue continue
} else { } else {
glog.Infof("[%v] Upgrading the construction from %v to %v", providerName, certInfo.CryptoConstruction, cryptoConstruction) dlog.Infof("[%v] Upgrading the construction from %v to %v", providerName, certInfo.CryptoConstruction, cryptoConstruction)
} }
} }
if cryptoConstruction != XChacha20Poly1305 && cryptoConstruction != XSalsa20Poly1305 { if cryptoConstruction != XChacha20Poly1305 && cryptoConstruction != XSalsa20Poly1305 {
glog.Warningf("[%v] Cryptographic construction %v not supported", providerName, cryptoConstruction) dlog.Warnf("[%v] Cryptographic construction %v not supported", providerName, cryptoConstruction)
continue continue
} }
var serverPk [32]byte var serverPk [32]byte
@ -97,7 +97,7 @@ func FetchCurrentCert(proxy *Proxy, proto string, pk ed25519.PublicKey, serverAd
if cryptoConstruction == XChacha20Poly1305 { if cryptoConstruction == XChacha20Poly1305 {
sharedKey, err = xsecretbox.SharedKey(proxy.proxySecretKey, serverPk) sharedKey, err = xsecretbox.SharedKey(proxy.proxySecretKey, serverPk)
if err != nil { if err != nil {
glog.Warningf("[%v] Weak public key", providerName) dlog.Errorf("[%v] Weak public key", providerName)
continue continue
} }
} else { } else {
@ -108,7 +108,7 @@ func FetchCurrentCert(proxy *Proxy, proto string, pk ed25519.PublicKey, serverAd
certInfo.CryptoConstruction = cryptoConstruction certInfo.CryptoConstruction = cryptoConstruction
copy(certInfo.ServerPk[:], serverPk[:]) copy(certInfo.ServerPk[:], serverPk[:])
copy(certInfo.MagicQuery[:], binCert[104:112]) copy(certInfo.MagicQuery[:], binCert[104:112])
glog.Infof("[%v] Valid cert found: [%x]", providerName, certInfo.ServerPk) dlog.Noticef("[%v] Valid cert found: [%x]", providerName, certInfo.ServerPk)
} }
if certInfo.CryptoConstruction == UndefinedConstruction { if certInfo.CryptoConstruction == UndefinedConstruction {
return certInfo, errors.New("No useable certificate found") return certInfo, errors.New("No useable certificate found")

5
dnscrypt-proxy/config.go
View File

@ -7,7 +7,7 @@ import (
"time" "time"
"github.com/BurntSushi/toml" "github.com/BurntSushi/toml"
"github.com/golang/glog" "github.com/jedisct1/dlog"
) )
type Config struct { type Config struct {
@ -53,7 +53,6 @@ func ConfigLoad(proxy *Proxy, config_file string) error {
flag.Parse() flag.Parse()
config := newConfig() config := newConfig()
if _, err := toml.DecodeFile(*configFile, &config); err != nil { if _, err := toml.DecodeFile(*configFile, &config); err != nil {
glog.Error(err)
return err return err
} }
proxy.timeout = time.Duration(config.Timeout) * time.Millisecond proxy.timeout = time.Duration(config.Timeout) * time.Millisecond
@ -89,7 +88,7 @@ func ConfigLoad(proxy *Proxy, config_file string) error {
var stamp ServerStamp var stamp ServerStamp
var err error var err error
if len(serverConfig.Stamp) > 0 { if len(serverConfig.Stamp) > 0 {
panic("Stamps are not implemented yet") dlog.Fatal("Stamps are not implemented yet")
} else { } else {
stamp, err = NewServerStampFromLegacy(serverConfig.Address, serverConfig.PublicKey, serverConfig.ProviderName) stamp, err = NewServerStampFromLegacy(serverConfig.Address, serverConfig.PublicKey, serverConfig.ProviderName)
if err != nil { if err != nil {

20
dnscrypt-proxy/main.go
View File

@ -5,7 +5,7 @@ import (
"net" "net"
"time" "time"
"github.com/golang/glog" "github.com/jedisct1/dlog"
"golang.org/x/crypto/curve25519" "golang.org/x/crypto/curve25519"
) )
@ -29,9 +29,10 @@ type Proxy struct {
} }
func main() { func main() {
dlog.Init("dnscrypt-proxy", dlog.SeverityNotice)
proxy := Proxy{} proxy := Proxy{}
if err := ConfigLoad(&proxy, "dnscrypt-proxy.toml"); err != nil { if err := ConfigLoad(&proxy, "dnscrypt-proxy.toml"); err != nil {
panic(err) dlog.Fatal(err)
} }
if proxy.daemonize { if proxy.daemonize {
Daemonize() Daemonize()
@ -42,7 +43,7 @@ func main() {
func (proxy *Proxy) StartProxy() { func (proxy *Proxy) StartProxy() {
proxy.questionSizeEstimator = NewQuestionSizeEstimator() proxy.questionSizeEstimator = NewQuestionSizeEstimator()
if _, err := rand.Read(proxy.proxySecretKey[:]); err != nil { if _, err := rand.Read(proxy.proxySecretKey[:]); err != nil {
glog.Fatal(err) dlog.Fatal(err)
} }
curve25519.ScalarBaseMult(&proxy.proxyPublicKey, &proxy.proxySecretKey) curve25519.ScalarBaseMult(&proxy.proxyPublicKey, &proxy.proxySecretKey)
for _, registeredServer := range proxy.registeredServers { for _, registeredServer := range proxy.registeredServers {
@ -51,19 +52,20 @@ func (proxy *Proxy) StartProxy() {
for _, listenAddrStr := range proxy.listenAddresses { for _, listenAddrStr := range proxy.listenAddresses {
listenUDPAddr, err := net.ResolveUDPAddr("udp", listenAddrStr) listenUDPAddr, err := net.ResolveUDPAddr("udp", listenAddrStr)
if err != nil { if err != nil {
glog.Fatal(err) dlog.Fatal(err)
} }
listenTCPAddr, err := net.ResolveTCPAddr("tcp", listenAddrStr) listenTCPAddr, err := net.ResolveTCPAddr("tcp", listenAddrStr)
if err != nil { if err != nil {
glog.Fatal(err) dlog.Fatal(err)
} }
if err := proxy.udpListener(listenUDPAddr); err != nil { if err := proxy.udpListener(listenUDPAddr); err != nil {
glog.Fatal(err) dlog.Fatal(err)
} }
if err := proxy.tcpListener(listenTCPAddr); err != nil { if err := proxy.tcpListener(listenTCPAddr); err != nil {
glog.Fatal(err) dlog.Fatal(err)
} }
} }
dlog.Notice("dnscrypt-proxy is ready")
for { for {
time.Sleep(proxy.certRefreshDelay) time.Sleep(proxy.certRefreshDelay)
proxy.serversInfo.refresh(proxy) proxy.serversInfo.refresh(proxy)
@ -77,7 +79,7 @@ func (proxy *Proxy) udpListener(listenAddr *net.UDPAddr) error {
} }
go func() { go func() {
defer clientPc.Close() defer clientPc.Close()
glog.Infof("Now listening to %v [UDP]", listenAddr) dlog.Noticef("Now listening to %v [UDP]", listenAddr)
for { for {
buffer := make([]byte, MaxDNSPacketSize-1) buffer := make([]byte, MaxDNSPacketSize-1)
length, clientAddr, err := clientPc.ReadFrom(buffer) length, clientAddr, err := clientPc.ReadFrom(buffer)
@ -100,7 +102,7 @@ func (proxy *Proxy) tcpListener(listenAddr *net.TCPAddr) error {
} }
go func() { go func() {
defer acceptPc.Close() defer acceptPc.Close()
glog.Infof("Now listening to %v [TCP]", listenAddr) dlog.Noticef("Now listening to %v [TCP]", listenAddr)
for { for {
clientPc, err := acceptPc.Accept() clientPc, err := acceptPc.Accept()
if err != nil { if err != nil {

6
dnscrypt-proxy/serversInfo.go
View File

@ -9,7 +9,7 @@ import (
"time" "time"
"github.com/VividCortex/ewma" "github.com/VividCortex/ewma"
"github.com/golang/glog" "github.com/jedisct1/dlog"
"golang.org/x/crypto/ed25519" "golang.org/x/crypto/ed25519"
) )
@ -76,7 +76,7 @@ func (serversInfo *ServersInfo) registerServer(proxy *Proxy, name string, stamp
} }
func (serversInfo *ServersInfo) refresh(proxy *Proxy) { func (serversInfo *ServersInfo) refresh(proxy *Proxy) {
glog.Infof("Refreshing certificates") dlog.Infof("Refreshing certificates")
serversInfo.RLock() serversInfo.RLock()
registeredServers := serversInfo.registeredServers registeredServers := serversInfo.registeredServers
serversInfo.RUnlock() serversInfo.RUnlock()
@ -107,7 +107,7 @@ func (serversInfo *ServersInfo) getOne() *ServerInfo {
func (serversInfo *ServersInfo) fetchServerInfo(proxy *Proxy, name string, stamp ServerStamp) (ServerInfo, error) { func (serversInfo *ServersInfo) fetchServerInfo(proxy *Proxy, name string, stamp ServerStamp) (ServerInfo, error) {
serverPk, err := hex.DecodeString(strings.Replace(stamp.serverPkStr, ":", "", -1)) serverPk, err := hex.DecodeString(strings.Replace(stamp.serverPkStr, ":", "", -1))
if err != nil || len(serverPk) != ed25519.PublicKeySize { if err != nil || len(serverPk) != ed25519.PublicKeySize {
glog.Fatal("Unsupported public key: [%v]", serverPk) dlog.Fatalf("Unsupported public key: [%v]", serverPk)
} }
certInfo, err := FetchCurrentCert(proxy, proxy.mainProto, serverPk, stamp.serverAddrStr, stamp.providerName) certInfo, err := FetchCurrentCert(proxy, proxy.mainProto, serverPk, stamp.serverAddrStr, stamp.providerName)
if err != nil { if err != nil {

1
glide.yaml
View File

@ -6,6 +6,7 @@ import:
version: ^1.1.1 version: ^1.1.1
- package: github.com/VividCortex/godaemon - package: github.com/VividCortex/godaemon
- package: github.com/hashicorp/golang-lru - package: github.com/hashicorp/golang-lru
- package: github.com/jedisct1/dlog
- package: github.com/jedisct1/xsecretbox - package: github.com/jedisct1/xsecretbox
- package: github.com/miekg/dns - package: github.com/miekg/dns
version: ^1.0.3 version: ^1.0.3